Pfsense Racoon Error Failed To Get Sainfo
Topic: Failed to get sainfo - Sonicwall NSA240

geewhz01 (Jr. Member), December 03, 2008, 01:52:38 pm:

I have a tunnel setup to a NSA240 that comes up but does not work. I have other Sonicwall devices connected with no problem but it appears this new unit must be a little different in how they are handling ipsec.

On the pfsense 1.21 box it shows:

Dec 3 14:48:11 racoon: ERROR: failed to pre-process packet.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]
Dec 3 14:47:55 racoon: ERROR: failed to pre-process packet.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]

On the Sonic box it shows:

12/03/2008 11:49:49.368  Info  VPN IKE  IKE Initiator: Start Quick Mode (Phase 2).

I have the lifetimes set for 28800 on both boxes on Phase 1 and 2. Both boxes show the tunnel as up but I can't pass any traffic across the vpn.

Any ideas?

Thanks,
Andy

geewhz01 (Jr. Member), Reply #1, December 04, 2008, 07:08:38 pm:

What I have found is that even though I have the interface of the vpn setup for my 1st carp address and the remote end setup to connect to the carp address that it doesn't work. The Sonicwall sees the packets coming from the carp address but inside the packet it's showing my wan address. The only way I can get this to connect is via the wan address. Is it not possible to use a carp address for the vpn connections or am I missing something else?

Andy

brbubba (Newbie), Reply #2, January 11, 2009, 09:59:03 am:

Quote from: geewhz01 on December 04, 2008, 07:08:38 pm
What I have foun
Source: https://forum.pfsense.org/index.php?topic=12934.0

Server Fault: PFsense IPSec VPN failing phase 2
Source: http://serverfault.com/questions/648449/pfsense-ipsec-vpn-failing-phase-2

I am very new to VPNs and I am getting errors. I have posted the following lines that I think are the most relevant:

Dec 2 08:41:03 racoon: DEBUG: IV freed
Dec 2 08:41:03 racoon: [EUA]: [79.121.213.141] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
Dec 2 08:41:03 racoon: ERROR: failed to get sainfo.
Dec 2 08:41:03 racoon: ERROR: failed to get sainfo.
Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.10.0/24'
Dec 2 08:41:03 racoon: DEBUG: cmpid target: '79.121.213.141/32'
Dec 2 08:41:03 racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.0.0/24'
Dec 2 08:41:03 racoon: DEBUG: cmpid target: '192.168.0.0/24'
Dec 2 08:41:03 racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
Dec 2 08:41:03 racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='192.168.10.0/24', peer='ANY', id=1
Dec 2 08:41:03 racoon: DEBUG: getsainfo params: loc='192.168.0.0/24' rmt='79.121.213.141/32' peer='79.121.213.141' client='79.121.213.141' id=1
Dec 2 08:41:03 racoon: DEBUG: 304ccaa9 0176e9fb 71aa4c00 c864b944 24677b49
Dec 2 08:41:03 racoon: DEBUG: HASH computed:
Dec 2 08:41:03 racoon: DEBUG: hmac(hmac_sha1)

Can anyone tell me where this is going wrong? I don't think cmpid source and cmpid target should be the same?

Tags: vpn, ipsec, pfsense
Asked Dec 2 '14 at 8:44 by imperium2335

Answer:

Failed to get sainfo means that the racoon process cannot get the sainfo line from the racoon.conf config file that will match the incoming pa
Source: https://community.spiceworks.com/topic/247383-pfsense-ipsec-site-to-site

Hi All,

Is there anyone who is able to help me fix my problem?

I have two pfSense installed on different PCs. Both have two LAN cards, a public IP and a local IP. I used IPSec VPN; both are enabled.

My settings are:

SITE A:
Remote Gateway: ISP IP Address (119.92.56.77)
Mode: aggressive
P1 Protocol: AES (256 bits)
P1 transforms: SHA1
Pre-Shared Key: veryverysecret
Encryption algorithm: AES | 256 bits
Hash algorithm: SHA1
DH Key Group: 2
Lifetime: 28800
Phase 2:
Local Network: LAN subnet
Remote Network: 192.168.51.0/24
Protocol: ESP
Encryption algorithm: AES/Blowfish/3DES/CAST128
Hash algorithms: SHA1/MD5
PFS key group: 2
Lifetime: 3600

SITE B:
Remote Gateway: ISP IP Address (119.92.56.78)
Mode: aggressive
P1 Protocol: AES (256 bits)
P1 transforms: SHA1
Pre-Shared Key: veryverysecret
Encryption algorithm: AES | 256 bits
Hash algorithm: SHA1
DH Key Group: 2
Lifetime: 28800
Phase 2:
Local Network: LAN subnet
Remote Network: 192.168.50.0/24
Protocol: ESP
Encryption algorithm: AES/Blowfish/3DES/CAST128
Hash algorithms: SHA1/MD5
PFS key group: 2
Lifetime: 3600

On SITE A Logs:

racoon: ERROR failed to get sainfo
racoon:[ ]: [119.92.56.78] ERROR: failed to pre-process ph2 packet [check phase 2 settings, networks] (side 1, status: 1)

On SITE B Logs:

racoon: []: INFO: initiate new phase 2 negotiation: 119.92.56.78[500]<=>119.92.56.77[500]
racoon: ERROR: 119.92.56.77 give up to get IPsec-SA due to time up to wait.
racoon: []: INFO: initiate new phase 2 negotiation: 119.92.56.78[500]<=>119.92.56.77[500]
racoon: ERROR: 119.92.56.77 give up to get IPsec-SA due to time up to wait.

Thanks